In today’s world of identity theft, it is important that HR professionals work to achieve maximum security and privacy for employees. When private information is exposed, it can be costly. For example, in March of 2011, the Texas Comptroller’s office inadvertently disclosed on a public website the names, addresses, and social security numbers of 3.5 million state workers. 1 The state has already spent $1.8 million to remedy this problem by sending letters to affected parties and hiring technology consultants to review office procedures. While keeping employee information private is the responsibility of all management in an organization, ensuring privacy remains the job of the HR professional.
Some of the things to combat employee identity theft include the following:
- Conduct background and criminal checks on employees who will have access to sensitive data.
- Restrict access to areas where data is stored, including computers.
- Provide training to staff who will have access to private employee information.
- Keep information in locked files or in password-protected files.
- Use numbers other than social security numbers to identify employees.
Another privacy issue that comes up often is the monitoring of employee activities on devices that are provided to them by the organization. Case law, for the most part, has decided that employees do not have privacy rights if they are using the organization’s equipment, with a few exceptions. As a result, more than half of all companies engage in some kind of monitoring. According to an American Management Association 2 survey, 73 percent of employers monitor e-mail messages and 66 percent monitor web surfing. If your organization finds it necessary to implement monitoring policies, ensuring the following is important to employee buy-in of the monitoring:
- Develop a policy for monitoring.
- Communicate what will be monitored.
- Provide business reasons for why e-mail and Internet must be monitored.
Working with your IT department to implement standards and protect employee data kept on computers is a must in today’s connected world. Communication of a privacy policy is an important step as well. Agrium, a Canadian-based supplier of agricultural products in North America, states its employee privacy policy on its website and shares with employees the tactics used to prevent security breaches. 3
At Agrium we are committed to maintaining the accuracy, confidentiality, and security of your personal information. This Privacy Policy describes the personal information that Agrium collects from or about you, and how we use and to whom we disclose that information.
- 1130 reads